Regulated entities

14 Jun 2024, International

Our services for regulated entities in the financial services sector include:

1.  Advice on the implementation of DORA regulation, in particular the following topics:

  • Analysing whether the given financial entity falls under the scope of application of DORA
  • Analysing whether the given ICT service provider and ICT services fall under the scope of application of DORA
  • Analysing whether the given ICT service/service provider qualifies as one that supports a critical or important function of the financial entity
  • Analysing whether the given ICT service provider qualifies as key (critical) provider
  • Incident reporting and management
  • TLPT testing, testing of digital operational resilience
  • Cybersecurity and IT security measures
  • Audit issues, certificates
  • Liability issues: liability of chief executive officers
  • Due diligence of ICT providers
  • Interplay between NIS2 and DORA

2.  Assistance in the preparation of the necessary DORA documentation:

  • Internal policies, such as Information Security Policy, ICT Business Continuity Plan, Disaster Recovery Plan
  • Incident management policies and processes

3.  Training for board members and employees responsible for DORA compliance:

  • Preparing the training materials: PPT presentation and Word summary
  • Answering client-specific questions

4.  Policy development and documentation:

  • Assisting in developing or updating policies related to ICT risk management, incident reporting, and third-party risk management to comply with DORA
  • Helping create comprehensive documentation that supports DORA compliance efforts, including risk assessment reports and resilience testing results

5.  Assistance in managing ICT service providers:

  • Preparing a DORA contract template for ICT service providers, including the mandatory contractual provisions
  • Preparing a due diligence questionnaire for ICT service providers
  • Assisting in preparing the exit strategy
  • Assisting in due diligence of ICT service providers
  • Checking the ICT service provider’s answers and certificates, and conducting background checks
  • Assisting in assessment of ICT-concentration risk
  • Negotiating all the DORA contracts with ICT service providers:
    • Preparing the ICT service provider specific DORA contracts, including the individually negotiated parts from the previous outsourcing contracts
    • Negotiating the contracts with the ICT service providers
  • Assisting in registering of ICT service providers and completing the data provision obligation to the supervisory authorities

6.  Assistance in reporting and managing ICT related incidents/events:

  • Assisting in risk analysis, business impact analysis
  • Assisting in classification of ICT related incidents/events
  • Preparing incident reports
  • Representing the client in the procedure before the supervisory authority
  • Assisting in crisis communication

7.  Litigation and enforcement risk management:

  • Preparing defence strategies for potential regulatory investigations or enforcement actions related to non-compliance with DORA
  • Representing investment funds in negotiations or disputes with regulatory authorities

8.  Assistance in information sharing:

  • Preparing information sharing agreements
